package cn.edu.hrbcu.es.invigilatemanagerment.configuration;

import cn.edu.hrbcu.es.invigilatemanagerment.dao.RoleMapper;
import cn.edu.hrbcu.es.invigilatemanagerment.pojo.Role;
import cn.edu.hrbcu.es.invigilatemanagerment.pojo.Teacher;
import cn.edu.hrbcu.es.invigilatemanagerment.service.ITeacherService;
import lombok.extern.slf4j.Slf4j;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.access.AccessDecisionManager;
import org.springframework.security.access.AccessDeniedException;
import org.springframework.security.access.ConfigAttribute;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.authentication.InsufficientAuthenticationException;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.userdetails.User;
import org.springframework.stereotype.Component;

import java.util.Collection;
import java.util.List;

@Slf4j
@Component
public class PermissionAccessDecisionManager implements AccessDecisionManager {
    @Autowired
    private RoleMapper roleMapper;
    @Autowired
    private ITeacherService teacherService;
    @Override
    public void decide(Authentication authentication, Object object, Collection<ConfigAttribute> configAttributes) throws AccessDeniedException, InsufficientAuthenticationException {
        log.info("collection:{}", configAttributes);
//        log.info("principal:{} authorities:{}", authentication.getPrincipal().toString());
        Object principal = authentication.getPrincipal();

        if (principal instanceof String && configAttributes.iterator().next().getAttribute().equals("ROLE_LOGIN") ){
            System.out.println("访问公共资源");
            return;
        }
        if(principal instanceof String){
//            throw new BadCredentialsException("未登录");
            throw new BadCredentialsException("未登录");
        }

        List<Role> roleList=null;
        for (ConfigAttribute configAttribute : configAttributes) {
            // 当前请求需要的权限
            String needRole = configAttribute.getAttribute();
            if ("ROLE_LOGIN".equals(needRole)) {
                return;
            }

            // 当前用户所具有的权限
            if(roleList==null){
                log.info("principal{}",authentication.getPrincipal());
                String username = ((User)authentication.getPrincipal()).getUsername();
                Integer teacherId = teacherService.queryTeacherByUserName(username).get(0).getId();
                roleList = roleMapper.findRolesByTeacherId(teacherId);
            }
            for (GrantedAuthority grantedAuthority : roleList) {
                // 包含其中一个角色即可访问
                if (grantedAuthority.getAuthority().equals(needRole)) {
                    return;
                }
            }
        }
        throw new AccessDeniedException("SimpleGrantedAuthority!!");
    }

    @Override
    public boolean supports(ConfigAttribute attribute) {
        return true;
    }

    @Override
    public boolean supports(Class<?> clazz) {
        return true;
    }
}
